Codeigniter重定向未在相对重定向中保留HTTPS [英] Codeigniter redirect not preserving HTTPS in relative redirects

问题描述

我有一个拥有公共区域和私有区域的站点。专用区域
应该通过HTTPS提供服务。我想一次重定向到一个明确的HTTPS URL，然后使用相对URLS来确保所有链接都是安全的。当用户注销时，我将显式链接到绝对不安全的HTTP URL。

I have a site which has a public and a private area. The private area should be served via HTTPS. I want to redirect once to an explicit HTTPS url, and then, using relative URLS, have all the links be secure. When the user logs out, I will explicitly link to an absolute non-secure HTTP URL.

我的登录表单会通过常规HTTP显示为非安全站点。我的登录表单发布到 https://www.mysite.com/login/validate ，它使用安全连接加载。

My login form is shown a non-secure site via regular HTTP. My login form posts to https://www.mysite.com/login/validate , which loads using a secure connection.

我的日志显示Apache正在通过HTTPS加载URL，而codeigniter正确地进行了验证。

My logs show that Apache is loading the URL via HTTPS and codeigniter is doing its validation correctly.

在控制器功能结束时，我重定向到 / myaccount 使用CodeIgniter的URL帮助器的 redirect 方法和相对URL。

At the end of my controller function I redirect to /myaccount using CodeIgniter's URL helper's redirect method with a relative URL.

redirect('/myaccount');

这会导致codeigniter重定向到非HTTPS URL。

This causes codeigniter to redirect to a non-HTTPS URL.

我的配置base_url是非HTTPS：

My config base_url is non-HTTPS:

$config['base_url'] = "http://www.mysite.com"

这是因为网站的某些部分是安全的，而其他部分则不是。

This is because some parts of the site are secure while others are not.

有没有一种方法可以告诉CodeIgniter在进行相对重定向时保留HTTPS？如果假设当前控制器是通过HTTPS加载的，而我正在执行相对重定向，为什么要假设我要去非HTTPS站点呢？

Is there a way to tell CodeIgniter to preserve HTTPS when doing relative redirects? Why is it assuming I want to go to a non-HTTPS site if the current controller was loaded via HTTPS and I am doing a relative redirect?

对我来说，理想的行为是，如果我正在进行相对重定向，则它应该保留加载当前请求所通过的协议。取而代之的是，它切换到config base_url定义的内容，即使是相对重定向也是如此。

The desired behavior for me is that if I am doing relative redirect, it should preserve the protocol through which the current request was loaded. Instead, it is switching to what the config base_url has defined, even for relative redirects.

推荐答案

使用此：

$config['base_url'] = "http".((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "s" : "")."://".$_SERVER['HTTP_HOST'].str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);

代替此：

$config['base_url'] = "http://www.example.com"

这将始终重定向到您想要的位置。您甚至不必输入域名，只需按原样使用它即可！

This'll always redirect to where you want it. You don't even have to enter your domain name, just use it as is!

我还自动加载了此帮助程序：

In addition to the above, I also autoload this helper:

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

function is_https_on()
{
    return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
}

function use_ssl($turn_on = TRUE)
{
    $url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

    if ( $turn_on )
    {
        if ( ! is_https_on() && $_SERVER['HTTP_HOST'] != 'localhost')
        {
            redirect('https://' . $url, 'location', 301 );
            exit;
        }
    }
    else
    {
        if ( is_https_on() )
        {
            redirect('http://' . $url, 'location', 301 );
            exit;
        }
    }
}

/* End of file https_helper.php */
/* Location: ./application/helpers/https_helper.php */

有了此设置，我可以将我的各个页面设置为始终使用HTTPS / HTTP（

With this in place, I can set my individual pages to always use HTTPS/HTTP (either in a single method in my controller, or - if I want it to affect the whole controller - in the constructor).

我只使用：

use_ssl();

在脚本开始处，以确保它是通过HTTPS加载的。

at the beginning of the script, to ascertain that it is loaded via HTTPS.

或者，如果我只想通过HTTP服务，我将使用：

Alternatively, if I only want to serve it through HTTP, I'll use:

use_ssl(FALSE);

这篇关于Codeigniter重定向未在相对重定向中保留HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！